什么是Dockerfile
由于Docker官网公共仓库镜像大多不完整,无法真正满足企业的生产环境系统,此时需要我们自行定制镜像或者重新打包镜像。
Docker镜像制作是管理员的必备工作之一,Docker镜像制作的方法主要有两种,制作方法如下:
- Docker commit|export将新容器提交至Images列表
- 编写Dockerfile,build新的镜像至镜像列表
Dockerfile正是用来构建Docker镜像的构建文件,是由一系列的命令和参数构成的脚本。Dockerfile的构建步骤:
(1)编写Dockerfile文件(2)docker build 生成新的镜像(3)docker run 运行镜像 https://hub.docker.com/
Dockerfile制作过程解析
基础知识
1,每条保留字指令都必须为大写字母,且后面要跟随至少一个参数
2,指令从上到下顺序执行
3,#表示注释
4,每条指令都会创建一个新的镜像层,并对镜像提交
大致流程
1,docker从基础镜像运行一个容器
2,执行一条指令并对容器进行修改
3,执行类似于docker commit的操作,提交一个新的镜像
4,docker再基于刚提交的新的镜像运行一个新的容器
5,执行Dockerfile的下一条指令,再从第2点开始重复,直到没有指令
基于Centos7镜像制作开放22端口、开启ssh服务的镜像,并登入Centos7
[root@localhost ssh]# chmod 600 ssh_host_ed25519_key
[root@localhost ssh]# cp ssh_host_ed25519_key /test/
[root@localhost ssh]# chmod 600 ssh_host_ecdsa_key
[root@localhost ssh]# cp ssh_host_ecdsa_key /test/
[root@localhost ssh]# chmod 600 ssh_host_rsa_key
[root@localhost ssh]# cp ssh_host_rsa_key /test/
[root@localhost docker]# tar -czf ssh.tar ssh*
[root@localhost docker]# ll
total 20
-rw-r--r-- 1 root root 394 Jul 23 20:58 Dockerfile
-rw------- 1 root root 227 Jul 23 15:29 ssh_host_ecdsa_key
-rw------- 1 root root 387 Jul 23 15:29 ssh_host_ed25519_key
-rw------- 1 root root 1675 Jul 23 15:29 ssh_host_rsa_key
-rw-r--r-- 1 root root 1829 Jul 23 15:31 ssh.tar
[root@localhost docker]# cat Dockerfile
# Review notes: this image runs an SSH server that accepts root logins; the
# comments below mark the security-relevant points of each instruction.
# The base image is referenced by name only, so it resolves to the `latest` tag.
# The `docker images` listing on this page shows that image as 3 years old, so
# its packages are likely well behind on security updates.
FROM ansible/centos7-ansible
# MAINTAINER is deprecated in current Docker; a LABEL carries the same metadata.
MAINTAINER complicated
# Sets root's password to the literal written here, installs net-tools and
# openssh-server, then deletes the EPEL repo definitions.
# The password is a fixed, trivially guessable value that stays readable in the
# Dockerfile and in the image's build history, so every container started from
# this image accepts the same root login.
RUN echo 12345 |passwd --stdin root &&\
yum install net-tools openssh-server -y &&\
rm -rf /etc/yum.repos.d/epel*
# ADD unpacks a local tar archive into the destination directory. ssh.tar was
# built from the ssh_host_*_key private host keys shown in the directory listing,
# so those private keys become part of the image: all containers share one SSH
# host identity, and anyone who can pull the image can read the keys.
# NOTE(review): generating host keys when the container starts (e.g.
# `ssh-keygen -A`) avoids shipping private keys in an image layer.
ADD ssh.tar /etc/ssh
# The two sed calls edit every sshd_config line containing "DNS": the first
# strips '#' characters, the second turns "yes" into "no" (presumably to end up
# with `UseDNS no` -- confirm against the shipped sshd_config).
# The trailing /usr/sbin/sshd only runs while this build step executes; a process
# started by RUN is not part of the resulting image, so sshd is actually started
# at runtime by the CMD below.
RUN sed -i '/DNS/s/#//g' /etc/ssh/sshd_config &&\
sed -i '/DNS/s/yes/no/g' /etc/ssh/sshd_config &&\
/usr/sbin/sshd
# EXPOSE only records the port as image metadata; it does not publish it on the host.
EXPOSE 22
WORKDIR /root
# Shell-form CMD: executed as `/bin/sh -c ...` (see the COMMAND column of the
# `docker ps` output on this page). sshd is started first and bash then runs as
# the foreground process, which is why the container is started with -it.
CMD /usr/sbin/sshd;/bin/bash
[root@localhost docker]# docker build -t coten7-ssh-v1 .
[root@localhost docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
coten7-ssh-v1 latest 3c72505e3d2a About a minute ago 573MB
ansible/centos7-ansible latest 688353a31fde 3 years ago 447MB
[root@localhost docker]# docker run -itd coten7-ssh-v1
23d2beae2b00d326c8baab44a5806260cf78db63ffd1662b0816b77d0852ad80
[root@localhost docker]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
23d2beae2b00 coten7-ssh-v1 "/bin/sh -c /usr/sbi…" 8 seconds ago Up 8 seconds 22/tcp wizardly_hugle
[root@localhost docker]# docker exec -it 23d2beae2b00 /bin/bash
[root@23d2beae2b00 ~]# netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7/sshd
tcp6 0 0 :::22 :::* LISTEN 7/sshd
[root@localhost docker]# docker inspect 23d2beae2b00 | grep -i ipaddr | tail -1
"IPAddress": "192.168.179.1",
#使用shell去登入
Connecting to 192.168.179.1:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
WARNING! The remote SSH server rejected X11 forwarding request.
Last failed login: Thu Jul 23 13:18:21 UTC 2020 from 192.168.179.4 on ssh:notty
There were 2 failed login attempts since the last successful login.
[root@23d2beae2b00 ~]#
开放22端口并且配置容器和宿主机免密登入
[root@www ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:t16JQoHMQNlQapgpQFfRkNHttXzRM+rZzouWh4pbBr0 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|o. o=XO . . |
|. .+.*.+ . . . + |
|. + o + o o . o o|
| . . o.o o |
| S...o o |
| . ..o.+ . |
| . oEo = |
| o+. +.+ |
| oo.o....|
+----[SHA256]-----+
[root@www ~]# ll .ssh/
total 12
-rw------- 1 root root 1679 Jul 25 19:35 id_rsa --私钥
-rw-r--r-- 1 root root 402 Jul 25 19:35 id_rsa.pub --公钥
-rw-r--r-- 1 root root 172 Jul 25 21:25 known_hosts --已连接过的主机的公钥记录
#公钥要传给容器,或者制作dockerfile,这样宿主机ssh登入容器才能免密码登入
[root@www ~]# cp .ssh/id_rsa.pub /docker/
[root@www docker]# ll
total 24
-rw-r--r-- 1 root root 385 Jul 25 21:21 Dockerfile
-rw-r--r-- 1 root root 402 Jul 25 19:36 id_rsa.pub
-rw------- 1 root root 227 Jul 25 21:14 ssh_host_ecdsa_key
-rw------- 1 root root 387 Jul 25 21:13 ssh_host_ed25519_key
-rw------- 1 root root 1679 Jul 25 21:14 ssh_host_rsa_key
-rw-r--r-- 1 root root 1833 Jul 25 21:15 ssh.tar
[root@www docker]# cat Dockerfile
# Review notes: this variant adds key-based root login on top of the password
# login; the comments below mark the security-relevant points.
# The base image is referenced by name only, so it resolves to the `latest` tag.
FROM ansible/centos7-ansible
# MAINTAINER is deprecated in current Docker; a LABEL carries the same metadata.
MAINTAINER Complicated
# Sets root's password to the literal written here and installs net-tools and
# openssh-server. The password is fixed, trivially guessable, and stays readable
# in the Dockerfile and in the image's build history.
# The `docker run` shown on this page publishes port 22 as 0.0.0.0:6522 and adds
# --privileged, so this password guards a network-reachable root login on a
# container with extended host privileges.
# NOTE(review): with the authorized_keys file installed below, the password is
# not needed for the login this section demonstrates; dropping it and setting
# `PasswordAuthentication no` in sshd_config would leave key login only -- confirm
# nothing else depends on the password.
RUN echo 123456 | passwd --stdin root &&\
yum install net-tools openssh-server -y
# ADD unpacks the local tar archive into /etc/ssh. ssh.tar sits next to the
# ssh_host_*_key private host keys in the directory listing and presumably
# contains them, in which case the keys are baked into the image and shared by
# every container started from it.
# NOTE(review): generating host keys at container start (e.g. `ssh-keygen -A`)
# avoids shipping private keys in an image layer.
ADD ssh.tar /etc/ssh
# The sed calls edit every sshd_config line containing "DNS": strip '#', then
# turn "yes" into "no" (presumably to end up with `UseDNS no` -- confirm against
# the shipped sshd_config). mkdir prepares root's .ssh directory for the key below.
RUN sed -i '/DNS/s/#//g' /etc/ssh/sshd_config &&\
sed -i '/DNS/s/yes/no/g' /etc/ssh/sshd_config &&\
mkdir -p /root/.ssh
# Installs the public key generated on the host (id_rsa.pub) as root's
# authorized_keys, so whoever holds the matching private key can log in as root
# to any container built from this image.
COPY id_rsa.pub /root/.ssh/authorized_keys
WORKDIR /root
# Shell-form CMD: executed as `/bin/sh -c ...`. sshd is started first and bash
# then runs as the foreground process, which is why the container is started
# with -it.
CMD /usr/sbin/sshd;/bin/bash
[root@www ~]# docker run -itd --name os1 --privileged -p 6522:22 centos7-ssh:v2
8b047b9db23701025f10f8364894d1170f065fe7398fd0f4b331451725f5d0d2
[root@www ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8b047b9db237 centos7-ssh:v2 "/bin/sh -c /usr/sbi…" 2 seconds ago Up 2 seconds 0.0.0.0:6522->22/tcp os1
[root@www ~]# docker exec 8b047 netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7/sshd
tcp6 0 0 :::22 :::* LISTEN 7/sshd
[root@www ~]# docker exec 8b047 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@www ~]# ssh -l root 172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:f+ZyP4Ec4dPDSYUXXrhZPdSIkrNyh2M+ALTi77N+vdY.
ECDSA key fingerprint is MD5:fd:3a:e0:d3:6a:37:01:44:19:8e:ff:cf:29:c0:c4:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
[root@8b047b9db237 ~]# exit
logout
Connection to 172.17.0.2 closed.
[root@www ~]# ssh -l root 172.17.0.2
Last login: Sat Jul 25 13:25:04 2020 from 172.17.0.1